15+ years’ experience in the area of Information Risk Management, IT Service Management, IT Governance, IT Process Transformation and results-focused ISSO (Internal System Security Officer) in Banking, Finance, Insurance, Transport, Healthcare and IT Sectors
Senior Information System Security & Cyber Security: Enterprise Risk Management (ERM) trusted advisor for securing the Enterprise. Guiding Organizations in achieving a secure vision, mission, securing operations for their Enterprise. Leading successful Security Projects with an ERM methodology with Technical expertise.
Guiding organizations in Enterprise Information Security Architecture with detailed roadmaps, project plans, and budgets. Detailed knowledge of IT Security, Application Security, Privileged Account Management, IT Governance and Compliance, Security Strategy & Tools, Incident Response, and best practices. Focusing my experience to lead Teams building security solutions and systems for key aspects of a Global IT enterprise (Data/Application/Infrastructure).
IT Advisory roles - Key forte on IT Governance, IT Risk and Compliance, IT Strategies, Mergers & Acquisitions.
Demonstrated abilities in developing security frameworks, conceptualizing security policies and ensuring compliance with security standards and procedures
Proficient in conducting in-depth reviews and risk assessment & selecting appropriate risk mitigation strategies
Adept in making high-stakes decisions, resolving complex security issues, providing expert advisory services and managing large-scale assignments
Actively involved in designing, implementing & enforcing comprehensive, technologically sophisticated and fiscally conscientious corporate security programmes and solutions
Excellent leader with ability to drive new initiatives and take complete ownership of the assigned tasks
Good understanding of customer needs, crisis management, problem solving & negotiating skills, contract management, leading teams, working in a multi-cultural & vendor environment - USA, UK, India & Singapore and merit of being associated with the country’s renowned organisations such as Confidential (BIG 4), Confidential, Ilabs.
Process Initiatives & compliance - ISO 27001, ISO 20000, ISO 31000, Six sigma, ITIL, SOX, SAS 70
SAP Application Security & GRC Management & Compliance
Security Architecture - IT Security planning, Zone Based Design to achieve Confidentiality - Integrity - Availability (CIA). Accreditation (C&A) | Risk Assessment (RA) | Continuous Monitoring (CM) | Security Plans (SP) | Security Categorization (SC) | Plan of Action & Milestones (POAM)
Information System Security Experience:
Managed and delivered multiple SAP implementation projects and many maintenance projects
Managed and delivered many Development projects in Oracle application
Managed and delivered multiple ISO 27001 standards implementation and maintenance projects & Security Improvements & Consulting - Efficiently & effectively reduced the risk to the organization
Developed unique Information Security Management methodologies from scratch and implemented the same in all Confidential USA Regions with high partner satisfaction; proven track record in managing portfolios of over $3 to $10 million (USD) Information Security Implementation Projects
Delivered more than 100+ s in the areas of Information Security Management, Change Management ISO 27001 and Risk management
ISO 27001 Implementation & Compliance
Business Continuity Planning (BCP)
Operational Risk Management
Exhibits Excellent Judgment
Information Risk Management
People Manager
Risk Assessments & GRC tools
Relationship Management
Risk management concepts (COSO Framework)
Process assurance & improvement
Application Development & Testing
Program Management
Chief Information Security officer (CISO)
ISO 27001 Implementation and Compliance Team
Information Security Methodologies definition, Implementation and Compliance team
GRC & Security Projects - SAP & Oracle
Implementation, supporting and maintenance projects
Established and built first ISO for Confidential, MD which manages all IT security implementation and compliance projects in BFSI domain. Responsible for managing five weeks to ten weeks’ project releases with portfolios of over 300 Information Security projects annually.
Coordinated with the Director IT to provide a comprehensive, organization-wide, holistic approach for addressing risk. Developed a risk management strategy for the organization providing a strategic view of information security-related risks. Provided oversight for all risk management-related activities across the organization to help ensure consistent and effective risk acceptance decisions. Ensured that authorization decisions consider all factors necessary for mission and business success.
Created the system level Risk Assessment Policy and Procedures. Established the formal, documented risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities. Applied the methodology of Risk Management Framework for Federal Information Systems in collaboration with information system owners. Verified and validated security categories for 15 information systems. Served as the principal advisor on all matters, technical and otherwise, involving the security of the information systems. Assigned responsibility for the day-to-day security operations of information system.
Ensured that security awareness material is effectively deployed to reach the primary ISSO. Assisted in establishing a security tracking and reporting strategy
Served as the primary liaison for the chief information officer to the organization’s information system owners and information system security officer.
Responsible for the development, implementation, assessment, and monitoring of common controls. Documented the organization-identified common controls in a security plan prescribed by the organization.
Responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by 22 information systems to determine the overall effectiveness of the controls and the extent to which the controls were implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements. Analyzed the assessment findings in the security assessment report and produced a plan of action and milestones for all controls having weaknesses or deficiencies.
Conducted Vulnerability Assessment & Hardening of Servers, Routers, Switches, etc. based on VA (Vulnerability Assessment) results.
Risk Analysis of Information Assets & preparation of Risk Treatment Plan
Handled critical functions like Conducting Penetration Testing, Incident Management & Conducting Information Security Audits.
Prepared disaster management plans by making BCP ready & handling Disaster Recovery plans.
Improved the customer satisfaction rate from 3 to 4.5 on a rating scale of 5
Governed high visibility and high value (>$10 M) projects by defining and tracking key project metrics and aligning them to the business strategy.
Defined an enterprise level framework to improve Tollgate, Dashboard, Status Reporting, SLAs Metrics Identification, KPIs and Tracking processes. Performing repeatable governance and project management processes with established standards and measurement criteria.
Monitored project progress from inception and feasibility through closure. Reviewed business case, project financials, schedule, risks and issues through the project lifecycle. Managed cross-functional and matrix project teams.
Effectively communicated weekly updates to Stakeholders and Senior Management.
In the role of AIM Authority, responsible & accountable for overseeing and managing the user business roles & system role access assignments to the right people on the "need-to-know" & "need-to-have" principle, along with execution of user system access re- activity for several business applications. Additionally, ensuring that no SOD (segregation of duties) conflict exists among business roles & business functions
Successfully managed & delivered IT GRC projects like - ISMS framework implementation, Information Security Awareness Campaign Week, ISMS sustenance "RisqVu" IT GRC tool implementation & VAPT (Vulnerability Assessment - Penetration Testing) of core business applications
Responsible for understanding the German Banking Regulator (BaFin) IT minimum standards and implementing the required IT security controls in order to be fully compliant with their applicable regulations
Currently accountable & responsible for successfully driving the CBF (Crash Barrier Function) maturity score improvement project to help VWFS India subsidiary reach the desired set target goals within timelines, by implementing several security controls within various areas of IT - GRC domain
In-charge of controlling and micro-managing IT GRC project budgets and its corresponding risks & opportunities
Establishing business relationships with 3rd party vendors for IT related procurements or consultancy projects, by getting involved in the vendor identification, evaluation and negotiation phases
Develop, implement and support technologies, programs, policies & strategies to protect the Company’s Information Assets.
Information System Security Officer
Developed a "center of excellence" for “Information Security Management”, offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively
Responsible for handling IT Infrastructure Management, overseeing all phases of internal IT infrastructure projects from conception to completion.
Infrastructure capacity planning; planning annual budgets for both revenue and capital expenditure; controlling and monitoring IT-related purchases and Vendor Management.
Collaborate with and maintain communications with executives and department heads in the organization.
Coordinate IT staffing, including hiring, supervision, scheduling, and discipline.
Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Committee
Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations
Assist with upgrading information security, represent the organization’s IT in client meetings, and be responsible for implementation and support of the IT BCP and Disaster Recovery plan.
Leads or commissions suitable information security awareness, and al activities
Design, implement and enforce the policies, procedures and best practices for the IT team or department; research IT solutions and make recommendations for the improvement of IT systems and IT infrastructure.
Leads or commissions information security risk assessments and controls selection activities
Leads or commissions activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties. Negotiate and approve technology vendor, outsourcing, and consultant contracts and service agreements.
Meets system security financial objectives by forecasting requirements; preparing an annual budget; scheduling expenditures; analyzing variances; initiating corrective actions.
Protects computer assets by developing security strategies; directing system control development and access management, monitoring, control, and evaluation.
Participate in requirement gathering sessions with internal & external clients, document requirements and work towards a suitable solution. Ensure IT infrastructure projects are completed within budget and on time.
Establishes system safeguards by directing disaster preparedness development; conducting preparedness tests.
Develops security awareness by directing development of orientation and programs; counseling clients.
Assemble risk management plans and work effort documents; provide risk assessments.
Responsible for internal/external IT audits and requirements, develop project/operations tracking and variance reports.